A fix is available
APAR status
Closed as new function.
Error description
New Function
Local fix
Problem summary
USERS AFFECTED:
All users of Db2 for z/OS native RESTful services support.

PROBLEM DESCRIPTION:
This APAR provides an enhancement to Db2 native RESTful services, which adds support for the HTTP Cross-Origin Resource Sharing (CORS) protocols.

RECOMMENDATION:

The lack of support for HTTP Cross-Origin Resource Sharing (CORS) protocols in Db2 native RESTful services may prevent users from developing and deploying certain web applications, such as JavaScript web applications, which invoke Db2 REST services.
Problem conclusion
Temporary fix
Comments
This APAR delivers an enhancement to Db2 native RESTful services functionality by adding support for HTTP Cross-Origin Resource Sharing (CORS) protocols, including support for the CORS "pre-flight" HTTP OPTIONS verb and CORS HTTP request/response header fields.

The configuration and management of the Db2 REST CORS origin authorization rules are implemented using z/OS RACF Generic Profile support. This involves using a new RACF RESOURCE CLASS (DSNRAUTH) and associated Generic or Discrete Resource Profiles to represent the allowed remote (origin) sites.

After the Db2 PTF delivering this support has been applied, the Db2 REST services CORS support will be "enabled" by the security administrator by activating a new RACF Resource "DSNRAUTH" class. The Db2 security administrator would then create one or more RACF resource profiles for the Db2 system to "permit" CORS protocol usage from specified origins (hosts).

Since the CORS origin checking is managed as a Db2 system wide setting which is independent of the "end-user" that is driving the CORS request, the authorization ID associated with the DDF (<ssid>DIST) started task address space will be used for the CORS origin resource authorization check.

As part of this Db2 REST services enhancement, new Db2 message, reason code, and IFCID trace externals in support of this new functionality are also delivered. Below is a brief summary of the new message, reason codes, and IFCID trace record; please refer to the Db2 13 online product documentation for complete content:

- New DSNL616I message

  DSNL616I csect-name REST SERVICES CORS SUPPORT IS NOT ENABLED, CORS PROCESSING HAS BEEN BYPASSED number TIME(S)

  Explanation
  Db2 REST service processing has detected a REST request which includes cross-origin resource sharing (CORS) content. Db2 REST services CORS support is not enabled, so the requested REST CORS authorization processing was bypassed. This message is issued at a minimum interval of five minutes.

- New Db2 reason codes:

  - 00D30063
    Explanation
    Db2 received a Db2 REST services request which included cross-origin resource sharing (CORS) authorization header fields, but the origin host identified in the request is not authorized.

  - 00D30064
    Explanation
    Db2 received a Db2 REST services request which included cross-origin resource sharing (CORS) authorization, but the request did not include a value for the required origin host. This is a REST application coding error.

  - 00D30065
    Explanation
    Db2 received a Db2 REST services request which included cross-origin resource sharing (CORS) authorization using an unsupported format origin host value. This is a REST application coding error.

  - 00D30066
    Explanation
    Db2 received a Db2 REST services request which included cross-origin resource sharing (CORS) authorization, but the Db2 REST services CORS support is not enabled.

- New Db2 IFCID 0416 Audit trace record.

  Db2 REST CORS support includes a new IFCID 0416, "REST CROSS ORIGIN RESOURCE SHARING EXCEPTION TRACE" record, which will be activated and included under Db2 AUDIT CLASS(12). When activated, Db2 will produce an IFCID 0416 trace record each time a Db2 REST services Cross-Origin Resource Sharing enabled request fails the Db2 CORS authorization processing.

Complete documentation for this Db2 native RESTful services HTTP Cross-Origin Resource Sharing (CORS) enhancement can be found in the Db2 13 online product documentation. To find the changes and related information, search on "PH59837" or the following keywords:

- REST CORS
- DSNRAUTH
- DSNL616I
- 00D30063
- 00D30064
- 00D30065
- 00D30066
APAR Information
APAR number
PH59837
Reported component name
DB2 OS/390 & Z/
Reported component ID
5740XYR00
Reported release
D10
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2024-02-15
Closed date
2024-04-17
Last modified date
2024-05-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI96535
Modules/Macros
DSNXATRM DSNLDTML DSNLJEMG DSNDQW05 DSNDQWHS DSNFLDIR DSN@QWHS DSNLJCOR DSNLJHPP DSNWVZSA DSNLTMIN DSNLTSTR DSNFTDIR DSNLTIPC DSNWVINT DSNXAENF DSNLIRTR DSNFCDIR DSNXAINI DSNXAE62 DSNLJTIN DSNWAACT DSNWVZPS
Fix information
Fixed component name
DB2 OS/390 & Z/
Fixed component ID
5740XYR00
Applicable component levels
RD10 PSY UI96535
UP24/04/25 P F404
Fix is available
Document Information
Modified date:
02 May 2024